Fix DTLSv1_listen following state machine changes

Adding the new state machine broke the DTLSv1_listen code because
calling SSL_in_before() was erroneously returning true after DTLSv1_listen
had successfully completed. This change ensures that SSL_in_before returns
false.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
2015-10-22 12:18:45 +01:00
parent 91eac8d567
commit 31fd10e60d
3 changed files with 20 additions and 2 deletions

@@ -872,8 +872,11 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
*/
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
/* Put us into the "init" state so that we don't get our state cleared */
ossl_statem_set_in_init(s, 1);
/*
* Tell the state machine that we've done the initial hello verify
* exchange
*/
ossl_statem_set_hello_verify_done(s);
if(BIO_dgram_get_peer(rbio, client) <= 0) {
SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR);
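
Review bot: ossl_statem_set_hello_verify_done(s) is called before the `if(BIO_dgram_get_peer(rbio, client) <= 0)` check, so when the peer lookup fails and the error path is taken, the SSL object has already been marked as having completed the hello verify exchange. Consider moving the call to after the peer address has been retrieved successfully, or stating in the comment that the caller must clear or discard the SSL object when this function reports an error. The comment above the call would also be more useful if it mentioned the connection to SSL_in_before() that the commit message describes, since that is the behaviour a later reader will be trying to understand.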